OTIFYD's OT Network Segmentation is a professional service that divides Operational Technology (OT) networks into isolated subnetworks or security zones, each governed by its own security controls and firewall rules. The service addresses the inherent insecurity of legacy OT environments — many of which were built on the assumption of air-gap isolation — by introducing structured network separation aligned with frameworks such as NIST 800-53 and the Purdue Model. The service establishes trusted and untrusted zones to control traffic flows between OT segments and external networks, including corporate IT, third-party systems, and plant-to-plant connections. It targets critical OT assets such as Safety Instrumented Systems (SIS), Distributed Control Systems (DCS), and SCADA systems, as well as sensitive data repositories. Key deliverables include: - Comprehensive network architecture discovery and analysis - Security zones and conduit diagram creation - Logical and physical network architecture diagrams (current and target state) - Logical segmentation proposals covering IP subnetting and VLAN plans - Tactical and strategic recommendations, including technology solution considerations The service is designed to slow lateral movement during attacks, enforce least privilege access policies, reduce the blast radius of security incidents, protect sensitive OT data, and improve network performance by reducing congestion. Deliverables can be customised to client-specific requirements.